The aws:vpclattice/resourceConfiguration:ResourceConfiguration resource, part of the Pulumi AWS provider, defines how VPC Lattice routes traffic to backend resources: by DNS name, IP address, or AWS ARN. This guide focuses on four capabilities: DNS-based routing, IP-based routing, custom domain presentation, and ARN-based AWS resource access.
Resource configurations require a VPC Lattice Resource Gateway and may need domain verification for custom domains. The examples are intentionally small. Combine them with your own Resource Gateway and networking infrastructure.
Route traffic to a DNS-based resource
VPC Lattice resolves domain names to IP addresses at request time, enabling dynamic backend discovery without hardcoded addresses.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.vpclattice.ResourceConfiguration("example", {
name: "Example",
resourceGatewayIdentifier: exampleAwsVpclatticeResourceGateway.id,
portRanges: ["80"],
protocol: "TCP",
resourceConfigurationDefinition: {
dnsResource: {
domainName: "example.com",
ipAddressType: "IPV4",
},
},
tags: {
Environment: "Example",
},
});
import pulumi
import pulumi_aws as aws
example = aws.vpclattice.ResourceConfiguration("example",
name="Example",
resource_gateway_identifier=example_aws_vpclattice_resource_gateway["id"],
port_ranges=["80"],
protocol="TCP",
resource_configuration_definition={
"dns_resource": {
"domain_name": "example.com",
"ip_address_type": "IPV4",
},
},
tags={
"Environment": "Example",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/vpclattice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vpclattice.NewResourceConfiguration(ctx, "example", &vpclattice.ResourceConfigurationArgs{
Name: pulumi.String("Example"),
ResourceGatewayIdentifier: pulumi.Any(exampleAwsVpclatticeResourceGateway.Id),
PortRanges: pulumi.StringArray{
pulumi.String("80"),
},
Protocol: pulumi.String("TCP"),
ResourceConfigurationDefinition: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArgs{
DnsResource: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs{
DomainName: pulumi.String("example.com"),
IpAddressType: pulumi.String("IPV4"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("Example"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VpcLattice.ResourceConfiguration("example", new()
{
Name = "Example",
ResourceGatewayIdentifier = exampleAwsVpclatticeResourceGateway.Id,
PortRanges = new[]
{
"80",
},
Protocol = "TCP",
ResourceConfigurationDefinition = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArgs
{
DnsResource = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs
{
DomainName = "example.com",
IpAddressType = "IPV4",
},
},
Tags =
{
{ "Environment", "Example" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpclattice.ResourceConfiguration;
import com.pulumi.aws.vpclattice.ResourceConfigurationArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceConfiguration("example", ResourceConfigurationArgs.builder()
.name("Example")
.resourceGatewayIdentifier(exampleAwsVpclatticeResourceGateway.id())
.portRanges("80")
.protocol("TCP")
.resourceConfigurationDefinition(ResourceConfigurationResourceConfigurationDefinitionArgs.builder()
.dnsResource(ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs.builder()
.domainName("example.com")
.ipAddressType("IPV4")
.build())
.build())
.tags(Map.of("Environment", "Example"))
.build());
}
}
resources:
example:
type: aws:vpclattice:ResourceConfiguration
properties:
name: Example
resourceGatewayIdentifier: ${exampleAwsVpclatticeResourceGateway.id}
portRanges:
- '80'
protocol: TCP
resourceConfigurationDefinition:
dnsResource:
domainName: example.com
ipAddressType: IPV4
tags:
Environment: Example
The resourceConfigurationDefinition.dnsResource block specifies the backend domain name and IP address type. At runtime, VPC Lattice resolves the domain and routes traffic through the Resource Gateway on the specified port ranges. The protocol property currently supports only TCP.
Route traffic to a static IP address
When backend resources have fixed IP addresses, IP-based configurations provide direct routing without DNS resolution.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.vpclattice.ResourceConfiguration("example", {
name: "Example",
resourceGatewayIdentifier: exampleAwsVpclatticeResourceGateway.id,
portRanges: ["80"],
protocol: "TCP",
resourceConfigurationDefinition: {
ipResource: {
ipAddress: "10.0.0.1",
},
},
tags: {
Environment: "Example",
},
});
import pulumi
import pulumi_aws as aws
example = aws.vpclattice.ResourceConfiguration("example",
name="Example",
resource_gateway_identifier=example_aws_vpclattice_resource_gateway["id"],
port_ranges=["80"],
protocol="TCP",
resource_configuration_definition={
"ip_resource": {
"ip_address": "10.0.0.1",
},
},
tags={
"Environment": "Example",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/vpclattice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vpclattice.NewResourceConfiguration(ctx, "example", &vpclattice.ResourceConfigurationArgs{
Name: pulumi.String("Example"),
ResourceGatewayIdentifier: pulumi.Any(exampleAwsVpclatticeResourceGateway.Id),
PortRanges: pulumi.StringArray{
pulumi.String("80"),
},
Protocol: pulumi.String("TCP"),
ResourceConfigurationDefinition: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArgs{
IpResource: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionIpResourceArgs{
IpAddress: pulumi.String("10.0.0.1"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("Example"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VpcLattice.ResourceConfiguration("example", new()
{
Name = "Example",
ResourceGatewayIdentifier = exampleAwsVpclatticeResourceGateway.Id,
PortRanges = new[]
{
"80",
},
Protocol = "TCP",
ResourceConfigurationDefinition = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArgs
{
IpResource = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionIpResourceArgs
{
IpAddress = "10.0.0.1",
},
},
Tags =
{
{ "Environment", "Example" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpclattice.ResourceConfiguration;
import com.pulumi.aws.vpclattice.ResourceConfigurationArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionIpResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceConfiguration("example", ResourceConfigurationArgs.builder()
.name("Example")
.resourceGatewayIdentifier(exampleAwsVpclatticeResourceGateway.id())
.portRanges("80")
.protocol("TCP")
.resourceConfigurationDefinition(ResourceConfigurationResourceConfigurationDefinitionArgs.builder()
.ipResource(ResourceConfigurationResourceConfigurationDefinitionIpResourceArgs.builder()
.ipAddress("10.0.0.1")
.build())
.build())
.tags(Map.of("Environment", "Example"))
.build());
}
}
resources:
example:
type: aws:vpclattice:ResourceConfiguration
properties:
name: Example
resourceGatewayIdentifier: ${exampleAwsVpclatticeResourceGateway.id}
portRanges:
- '80'
protocol: TCP
resourceConfigurationDefinition:
ipResource:
ipAddress: 10.0.0.1
tags:
Environment: Example
The ipResource block replaces DNS resolution with a static IP address. Traffic flows directly to 10.0.0.1 through the Resource Gateway. This approach works well for resources with stable network identities.
Expose resources through a custom domain
Applications often present a branded domain to clients while routing to backend resources with different names.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.vpclattice.DomainVerification("example", {domainName: "example.com"});
const exampleResourceConfiguration = new aws.vpclattice.ResourceConfiguration("example", {
name: "Example",
resourceGatewayIdentifier: exampleAwsVpclatticeResourceGateway.id,
customDomainName: "custom.example.com",
domainVerificationId: example.id,
portRanges: ["443"],
protocol: "TCP",
resourceConfigurationDefinition: {
dnsResource: {
domainName: "test.example.com",
ipAddressType: "IPV4",
},
},
tags: {
Environment: "Example",
},
});
import pulumi
import pulumi_aws as aws
example = aws.vpclattice.DomainVerification("example", domain_name="example.com")
example_resource_configuration = aws.vpclattice.ResourceConfiguration("example",
name="Example",
resource_gateway_identifier=example_aws_vpclattice_resource_gateway["id"],
custom_domain_name="custom.example.com",
domain_verification_id=example.id,
port_ranges=["443"],
protocol="TCP",
resource_configuration_definition={
"dns_resource": {
"domain_name": "test.example.com",
"ip_address_type": "IPV4",
},
},
tags={
"Environment": "Example",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/vpclattice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := vpclattice.NewDomainVerification(ctx, "example", &vpclattice.DomainVerificationArgs{
DomainName: pulumi.String("example.com"),
})
if err != nil {
return err
}
_, err = vpclattice.NewResourceConfiguration(ctx, "example", &vpclattice.ResourceConfigurationArgs{
Name: pulumi.String("Example"),
ResourceGatewayIdentifier: pulumi.Any(exampleAwsVpclatticeResourceGateway.Id),
CustomDomainName: pulumi.String("custom.example.com"),
DomainVerificationId: example.ID(),
PortRanges: pulumi.StringArray{
pulumi.String("443"),
},
Protocol: pulumi.String("TCP"),
ResourceConfigurationDefinition: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArgs{
DnsResource: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs{
DomainName: pulumi.String("test.example.com"),
IpAddressType: pulumi.String("IPV4"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("Example"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VpcLattice.DomainVerification("example", new()
{
DomainName = "example.com",
});
var exampleResourceConfiguration = new Aws.VpcLattice.ResourceConfiguration("example", new()
{
Name = "Example",
ResourceGatewayIdentifier = exampleAwsVpclatticeResourceGateway.Id,
CustomDomainName = "custom.example.com",
DomainVerificationId = example.Id,
PortRanges = new[]
{
"443",
},
Protocol = "TCP",
ResourceConfigurationDefinition = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArgs
{
DnsResource = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs
{
DomainName = "test.example.com",
IpAddressType = "IPV4",
},
},
Tags =
{
{ "Environment", "Example" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpclattice.DomainVerification;
import com.pulumi.aws.vpclattice.DomainVerificationArgs;
import com.pulumi.aws.vpclattice.ResourceConfiguration;
import com.pulumi.aws.vpclattice.ResourceConfigurationArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DomainVerification("example", DomainVerificationArgs.builder()
.domainName("example.com")
.build());
var exampleResourceConfiguration = new ResourceConfiguration("exampleResourceConfiguration", ResourceConfigurationArgs.builder()
.name("Example")
.resourceGatewayIdentifier(exampleAwsVpclatticeResourceGateway.id())
.customDomainName("custom.example.com")
.domainVerificationId(example.id())
.portRanges("443")
.protocol("TCP")
.resourceConfigurationDefinition(ResourceConfigurationResourceConfigurationDefinitionArgs.builder()
.dnsResource(ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs.builder()
.domainName("test.example.com")
.ipAddressType("IPV4")
.build())
.build())
.tags(Map.of("Environment", "Example"))
.build());
}
}
resources:
example:
type: aws:vpclattice:DomainVerification
properties:
domainName: example.com
exampleResourceConfiguration:
type: aws:vpclattice:ResourceConfiguration
name: example
properties:
name: Example
resourceGatewayIdentifier: ${exampleAwsVpclatticeResourceGateway.id}
customDomainName: custom.example.com
domainVerificationId: ${example.id}
portRanges:
- '443'
protocol: TCP
resourceConfigurationDefinition:
dnsResource:
domainName: test.example.com
ipAddressType: IPV4
tags:
Environment: Example
The customDomainName property sets the client-facing domain (custom.example.com), while dnsResource.domainName specifies the backend target (test.example.com). The DomainVerification resource proves domain ownership; VPC Lattice uses the verification ID to validate your control of the custom domain.
Route traffic to AWS resources by ARN
Some AWS resources can be referenced directly by ARN, bypassing DNS or IP configuration.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.vpclattice.ResourceConfiguration("test", {
name: "Example",
resourceGatewayIdentifier: testAwsVpclatticeResourceGateway.id,
type: "ARN",
resourceConfigurationDefinition: {
arnResource: {
arn: example.arn,
},
},
});
import pulumi
import pulumi_aws as aws
test = aws.vpclattice.ResourceConfiguration("test",
name="Example",
resource_gateway_identifier=test_aws_vpclattice_resource_gateway["id"],
type="ARN",
resource_configuration_definition={
"arn_resource": {
"arn": example["arn"],
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/vpclattice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vpclattice.NewResourceConfiguration(ctx, "test", &vpclattice.ResourceConfigurationArgs{
Name: pulumi.String("Example"),
ResourceGatewayIdentifier: pulumi.Any(testAwsVpclatticeResourceGateway.Id),
Type: pulumi.String("ARN"),
ResourceConfigurationDefinition: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArgs{
ArnResource: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArnResourceArgs{
Arn: pulumi.Any(example.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.VpcLattice.ResourceConfiguration("test", new()
{
Name = "Example",
ResourceGatewayIdentifier = testAwsVpclatticeResourceGateway.Id,
Type = "ARN",
ResourceConfigurationDefinition = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArgs
{
ArnResource = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArnResourceArgs
{
Arn = example.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpclattice.ResourceConfiguration;
import com.pulumi.aws.vpclattice.ResourceConfigurationArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArnResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ResourceConfiguration("test", ResourceConfigurationArgs.builder()
.name("Example")
.resourceGatewayIdentifier(testAwsVpclatticeResourceGateway.id())
.type("ARN")
.resourceConfigurationDefinition(ResourceConfigurationResourceConfigurationDefinitionArgs.builder()
.arnResource(ResourceConfigurationResourceConfigurationDefinitionArnResourceArgs.builder()
.arn(example.arn())
.build())
.build())
.build());
}
}
resources:
test:
type: aws:vpclattice:ResourceConfiguration
properties:
name: Example
resourceGatewayIdentifier: ${testAwsVpclatticeResourceGateway.id}
type: ARN
resourceConfigurationDefinition:
arnResource:
arn: ${example.arn}
The type property set to “ARN” enables ARN-based routing. The arnResource block specifies the target resource’s ARN. This approach works for supported AWS services that integrate with VPC Lattice, eliminating the need for port ranges or protocol configuration.
Beyond these examples
These snippets focus on specific resource configuration features: DNS, IP, and ARN-based resource identification, custom domain presentation with verification, and port and protocol configuration. They’re intentionally minimal rather than full VPC Lattice deployments.
The examples rely on pre-existing infrastructure such as VPC Lattice Resource Gateway and domain ownership for custom domain verification. They focus on configuring resource routing rather than provisioning the Resource Gateway itself.
To keep things focused, common resource configuration patterns are omitted, including:
- Shareable service network associations (allowAssociationToShareableServiceNetwork)
- Resource configuration groups (resourceConfigurationGroupId, type GROUP/CHILD)
- Cross-region resource access (region property)
These omissions are intentional: the goal is to illustrate how each resource identification method is wired, not provide drop-in VPC Lattice modules. See the VPC Lattice ResourceConfiguration resource reference for all available configuration options.
Let's configure AWS VPC Lattice Resource Configurations
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Resource Types & Configuration
What resource types can I configure in VPC Lattice?
You can configure three resource types: DNS-based resources (using
dnsResource with domain name), IP address-based resources (using ipResource with an IP address), or ARN-based resources (using arnResource with an AWS resource ARN). Set the type property to SINGLE for DNS/IP or ARN for ARN-based configurations.What are the different configuration types (GROUP, CHILD, SINGLE, ARN)?
The
type property must be one of GROUP, CHILD, SINGLE, or ARN. Use CHILD when referencing a parent configuration via resourceConfigurationGroupId, and ARN for ARN-based resources.Resource Gateway & Dependencies
When do I need to specify protocol and resourceGatewayIdentifier?
You must specify both
protocol and resourceGatewayIdentifier unless you’re providing resourceConfigurationGroupId for a CHILD type configuration. These properties are mutually exclusive with resourceConfigurationGroupId.What's the difference between resourceGatewayIdentifier and resourceConfigurationGroupId?
Use
resourceGatewayIdentifier to specify the Resource Gateway for accessing your resource directly. Use resourceConfigurationGroupId when creating a CHILD type configuration that references a parent GROUP configuration.Networking & Protocols
What protocols are supported for VPC Lattice resource configurations?
Currently, only
TCP is supported as the protocol value.How do I specify port ranges?
Use the
portRanges property with either a single port like 80 or a range like 80-81.Custom Domains & Verification
How do I configure a custom domain name for my resource?
Set
customDomainName to your custom domain and provide a domainVerificationId to prove domain ownership. Create an aws.vpclattice.DomainVerification resource first and reference its ID, or configure DNS settings manually if you don’t provide an ID.Can I use a custom domain without domain verification?
If you don’t provide a
domainVerificationId, you must configure the DNS settings yourself to verify domain ownership.Using a different cloud?
Explore networking guides for other cloud providers: